ABSTRACT
Protection against social engineering attacks and other security threats is essential for all organizations. Attackers use malware to obtain access to an organization’s network and computer environment and to execute an attack within the environment. Training is absolutely essential for security against social engineering and malicious code attacks, but it is neglected by far too many organizations. The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. Defending against social engineering attacks is a necessity for all types and sizes of organizations. The information security program is more effective when security processes are deeply embedded in the institution’s culture. Effective security must be a substantive part of organization culture and training must occur on an ongoing basis. Training is absolutely essential to security against social engineering and malicious code attacks but it is neglected by far too many organizations.
